How to recover deleted excahnge object on DC with ldp.exe tool ?

Experts!!

I did something terribly wrong, by a mistake I deleted a system object in AD on my DC. In AD console, with advanced view open, under catalog Microsoft Exchange System object, there was 2 objects; Now there is only one, the security group Install Exchange servers. The other was deleted by me.

I can find the object with the LDP.EXE tool under CN=deleted objects.

How do I "Move" this object back to its original place? Is it possible? I need some serious help here.....

I need instruktions how to do this. I have found this link:

http://searchwinit.techtarget.com/tip/1,289483,sid1_gci1141514,00.html

But I just cant get the right script made? Can anyone out there help me out of disaster?

I do have a FULL backup of my DC. Can i transfer a piece(catalog) from this witch makes it all good again?

Kato.
Humanitycompany.com
forhumanityAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LauraEHunterMVPCommented:
You will need to perform an authoritative restore of the object that you deleted using the ntdsutil utility as described here:

http://technet2.microsoft.com/windowsserver/en/library/690730c7-83ce-4475-b9b4-46f76c9c7c901033.mspx?mfr=true

You will perform a recovery of the system state of your Active Directory database, and then use ntdsutil to mark the single object that you deleted as authoritative; this requires the original distinguished name of the object.

For a single object you can also try your luck with the following freeware tool released by Quest: http://www.quest.com/object-restore-for-active-directory/
0
forhumanityAuthor Commented:
Thanx Laura.

Just to clear a few things. I have a system state backup. Wich I will use as described in the links above.

Regarding the DistinguishedName, can I make it easyer to my challange, to restore all deleted objects, and then after going trough this above, just delete those object that are restored who i dont need?

Saying this because there are a few other objects that has the name of my Exchange server(maybee my trailversion), my point is that it looks like my deletion is made up of more then one object? Or is it just this one pasted in here?

CN=SystemMailbox{07B0C30B-D567-476F-9047-D2844228DBB8}\0ADEL:01ccda74-46d3-49ca-8195-ac55ec5b9d13,CN=Deleted Objects,DC=Humanitybar,DC=local
      2> objectClass: top; msExchSystemMailbox;
      1> cn: SystemMailbox{07B0C30B-D567-476F-9047-D2844228DBB8}
DEL:01ccda74-46d3-49ca-8195-ac55ec5b9d13;
      1> distinguishedName: CN=SystemMailbox{07B0C30B-D567-476F-9047-D2844228DBB8}\0ADEL:01ccda74-46d3-49ca-8195-ac55ec5b9d13,CN=Deleted Objects,DC=Humanitybar,DC=local;

Is my distinguishedName just: CN=SystemMailbox ? Or is it the whole phrase?

And to "restore" all deleted items what distinguishedName would I use? What would you recomend doing?

And again, thanx for your support here....

Kato.
0
LauraEHunterMVPCommented:
> "Regarding the DistinguishedName, can I make it easyer to my challange, to restore all deleted objects, and then after going trough this above, just delete those object that are restored who i dont need?"

This is precisely what is entailed in performing a system state restore and then marking the individual object that you require as authoritative.  

The Distinguished Name of the object is the LDAP name of the object as it appeared before it was deleted, including the DN of the original parent container. The DN that you list above is the DN of the tombstoned object, which is not the DN that you need to refer to in order to mark the restore as authoritative.

I would recommend that you develop a stronger understanding of system state backup and restores (start at the link I listed in a previous comment)  before attempting to perform an authoritative restore on a production network, and/or perform the operation in a test lab first, as doing so incorrectly can cause significant damage to your network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
forhumanityAuthor Commented:
Thanx for your help. I did www.quest.com and Recovery Manager for Active Directory - a fantastic tool !!!
That is what I call a solution!!

Kato.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.